Public key vs private key.

OpenPGP is built on asymmetric cryptography: every identity is a pair of mathematically linked keys. The public key is for sharing — anyone can encrypt to it or verify signatures with it. The private key (also called the secret key) is for you alone — it decrypts what was encrypted to you and signs what you authorize.

// definition

A public key is the half of an OpenPGP keypair you share freely — others use it to encrypt messages to you and to verify your signatures. The private key (or secret key) is the half you keep on your device, gated by a passphrase — it decrypts what was encrypted to you, and it signs what you authorize.

What they are.

OpenPGP uses asymmetric (public-key) cryptography. Each identity is a mathematically linked pair of keys: one half can encrypt and verify, the other half can decrypt and sign. Knowing one half doesn't let you compute the other (within practical limits of modern computers). This is what makes secure communication possible without a shared secret.

Concretely, your public key can be shared anywhere — your website, a keyserver, an email signature, a printed business card. You want it to be discoverable. Your private key stays in your device's secure storage (iOS Keychain, Android Keystore, gpg's keyring on desktop), protected by your passphrase. You want it to be hard to extract.

Why it matters.

The asymmetric structure is what makes the whole system useful:

Losing or leaking your private key is the catastrophic failure mode. Loss means messages that were ever encrypted to you can no longer be decrypted, and you can't sign anything new as that identity. A leak means whoever has the secret key can read all past ciphertexts encrypted to you and forge signatures as you.

// in armored form
-----BEGIN PGP PUBLIC KEY BLOCK-----    ← public, safe to share
...
-----END PGP PUBLIC KEY BLOCK-----

-----BEGIN PGP PRIVATE KEY BLOCK-----   ← private, NEVER share
...
-----END PGP PRIVATE KEY BLOCK-----

// in PGPony

The Keyring tab shows all your keys. Keys you control (have the private key for) are marked as key pairs; keys you've imported from contacts (public-only) are marked accordingly. The Export Public Key button in a key's detail view exports just the public half — safe to share. Export Private Key requires biometric re-auth because it releases the secret material.
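
A pre-share check for the armored forms above, added here as an example (it is not PGPony's code): it reads the first packet tag inside each block, so secret key material is flagged even when it sits under a PUBLIC KEY BLOCK label. The function names are hypothetical, the tag values are the Secret-Key (5) and Secret-Subkey (7) packet tags from RFC 4880, and the sample blocks are constructed, truncated packets rather than real keys.

```python
import base64
import re

SECRET_TAGS = {5, 7}  # RFC 4880 packet tags: Secret-Key, Secret-Subkey
BEGIN = re.compile(r"^-----BEGIN PGP ([A-Z ]+)-----$")

def first_packet_tag(data: bytes) -> int:
    """Tag of the first OpenPGP packet, read from its header octet."""
    if not data or not data[0] & 0x80:
        raise ValueError("not an OpenPGP packet")
    b = data[0]
    return b & 0x3F if b & 0x40 else (b >> 2) & 0x0F  # new vs old format

def scan(text: str):
    """Yield (label, holds_secret) for each armored block found in text."""
    lines = iter(text.splitlines())
    for line in lines:
        m = BEGIN.match(line.strip())
        if not m:
            continue
        label, body, in_body = m.group(1), [], False
        for line in lines:
            line = line.strip()
            if line.startswith(("-----END PGP", "=")):  # tail or CRC line
                break
            if in_body:
                body.append(line)
            elif not line:  # blank line ends the armor headers
                in_body = True
        try:
            secret = first_packet_tag(base64.b64decode("".join(body))) in SECRET_TAGS
        except ValueError:  # empty or undecodable body: fail closed
            secret = True
        yield label, secret or "PRIVATE KEY" in label

def safe_to_share(text: str) -> bool:
    return not any(secret for _, secret in scan(text))

def _armor(label: str, payload: bytes) -> str:
    """Constructed sample block; payload is a truncated packet, not a real key."""
    b64 = base64.b64encode(payload).decode()
    return f"-----BEGIN PGP {label}-----\n\n{b64}\n-----END PGP {label}-----\n"

SAMPLE = (
    _armor("PUBLIC KEY BLOCK", b"\x99\x00\x01\x04")     # public-key packet
    + _armor("PRIVATE KEY BLOCK", b"\x95\x00\x01\x04")  # secret-key packet
    + _armor("PUBLIC KEY BLOCK", b"\xc5\x01\x04")       # secret packet, public label
)

if __name__ == "__main__":
    for label, secret in scan(SAMPLE):
        print(f"{label}: {'DO NOT SHARE' if secret else 'ok to share'}")
```

Running safe_to_share() over text before it is pasted, committed or emailed catches both a correctly labeled private block and a mislabeled one; a block with no decodable body is treated as unsafe.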
